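#!/usr/bin/env sh
#
# Installer for mitigator-agent.
#
# Usage:
#   install.sh        install the agent (needs root; re-executes through sudo)
#   install.sh -d     remove services, kernel module, agent files and account
#
# Environment:
#   MITIGATOR_AGENT_TCPSECRETS  git URL of the tcpsecrets kernel module
#                               sources (defaults to the GitHub repository).
#
# What the visible part of the script does: installs build dependencies,
# clones and installs the tcpsecrets kernel module through Makefile.dkms,
# generates an ed25519 host key, writes a login shell that only answers
# "get-tcp-secrets", creates a system account using that shell, and sets up
# systemd units.
#
# NOTE(review): this copy of the script is incomplete. The heredoc bodies for
# ${prefix}/config and for both systemd unit files are missing, and the text
# stops in the middle of the service setup. The gaps are marked below; restore
# them from the original installer before relying on this file.

set -e

# Print a highlighted message on stderr.
# Defined before the root check, which already uses it.
info() {
    printf '%sINFO:%s %s%s\n' \
        "$(tput setaf 2 2>/dev/null; tput smso 2>/dev/null)" \
        "$(tput rmso 2>/dev/null)" \
        "$*" \
        "$(tput sgr 0 2>/dev/null)" >&2
}

if [ "$(id -u)" -ne 0 ]; then
    info "Installer must run as root."
    # Re-run this same script with the original arguments kept as separate
    # words. This needs the script to exist as a file ($0); it cannot work
    # when the script is piped into sh.
    # NOTE(review): sudo normally resets the environment, so a
    # MITIGATOR_AGENT_TCPSECRETS value set by the caller may not survive.
    exec sudo -- sh "$0" "$@"
fi

verb="${1:-install}"
name=mitigator-agent
prefix=/opt/mitigator/agent
host_key="${prefix}/host.ed25519"
service="/etc/systemd/system/${name}.service"
service_priv="/etc/systemd/system/${name}-privileged.service"
module="${prefix}/tcpsecrets"
module_url="${MITIGATOR_AGENT_TCPSECRETS:-https://github.com/ddos-mitigator/tcpsecrets.git}"
loader="/etc/modules-load.d/${name}.conf"

if [ "${1:-}" = "-d" ]; then
    # Removal is best effort: keep going when a piece is already gone.
    set +e

    info "Removing services..."
    systemctl stop "${name}.service"
    rm -f -- "${service}" "${service_priv}"
    systemctl daemon-reload

    info "Removing kernel module..."
    modprobe -r tcpsecrets
    rm -f -- "${loader}"

    info "Removing agent files from ${prefix}..."
    rm -rf -- "${prefix:?}"

    info "Removing '${name}' account..."
    userdel "${name}"
    exit
fi

info "Installing kernel module build dependencies..."
apt-get --yes install --no-install-recommends \
    build-essential dkms git "linux-headers-$(uname -r)"

info "Downloading kernel module sources to ${module}..."
rm -rf -- "${module:?}"
# NOTE(review): the clone takes whatever the remote's default branch points to
# at install time, and that code is then built and loaded into the kernel as
# root. Checking out a reviewed revision (git -C "${module}" checkout
# <REVIEWED_COMMIT>) would make the install reproducible and auditable.
git clone "${module_url}" "${module}"

info "Installing kernel module..."
make -C "${module}" -f "Makefile.dkms" install
echo tcpsecrets > "${loader}"

info "Installing agent to ${prefix}..."
mkdir -p "${prefix}/empty"
# Keep an existing host key so clients that pinned it keep working.
test -f "${host_key}" || ssh-keygen -t "ed25519" -f "${host_key}" -N ""

# NOTE(review): the heredoc that writes ${prefix}/config is missing from this
# copy (only 'cat >"${prefix}/config" <' survives). Restore it here.

# Login shell of the agent account. It reads the requested command from "$2"
# (presumably because it is invoked as `server -c <command>` -- confirm) and
# serves exactly one request; anything else exits with status 1.
cat >"${prefix}/server" <<'END'
#!/usr/bin/env sh
case "$2" in
get-tcp-secrets)
    exec cat /proc/tcp_secrets
    ;;
esac
exit 1
END
chmod +x "${prefix}/server"

info "Creating '${name}' account..."
# useradd status 9 means the user already exists, which is fine on reinstall.
# Capture the status once: the original tested $? and then ran `exit $?`,
# which returned the status of the test (0) and hid the useradd failure.
rc=0
useradd "${name}" \
    --no-create-home --home-dir "${prefix}/empty" \
    --shell "${prefix}/server" --system --user-group || rc=$?
if [ "${rc}" -ne 0 ] && [ "${rc}" -ne 9 ]; then
    exit "${rc}"
fi

# NOTE(review): this makes the account the owner of everything directly under
# ${prefix}, including its own login shell (${prefix}/server) and the
# tcpsecrets source tree. Confirm the account needs write access to those;
# root-owned, read-only files would be the tighter default.
chown -R "${name}:${name}" "${prefix}"/*

info "Setting up services..."
# NOTE(review): the heredocs that write ${service_priv} and ${service} are
# missing from this copy, and the script text ends here. Restore the unit
# files and whatever follows them from the original installer.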